General

  • Target

    11a912977a61a44c9feda462953e74d0_JaffaCakes118

  • Size

    321KB

  • Sample

    240504-h69n1saa82

  • MD5

    11a912977a61a44c9feda462953e74d0

  • SHA1

    3a8a12f8232af0970a4d55767a2d589ac707bb7f

  • SHA256

    2989b2f627ed746a78d02544ad3797676243086f633a5ec972ba0e7fa9ded804

  • SHA512

    7ec872908c7302b0d2ab4726a43869ea19ad857396113922c927bee3cfcd2e58236f58c357fc18e0da460e92c8b51c41fdc31fa551fe0f63ed79a0b0b85212ef

  • SSDEEP

    6144:qfwD/eHK1rGTAOfrIV/QHxOtJkkgYsGGdzK:qfwDz1+q4Hsi+

Targets

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
